
c.e.security.jwt.AuthEntryPointJwt : Unauthorized error: Full authentication is required to access this resource

application.properties

server.port=8088

# NOTE(review): the database account and password are stored in plain text in this file
# (here the default postgres/postgres pair). That is only reasonable for a local throwaway
# database; elsewhere supply them from the environment or a secret store.
spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/tenant_single_db
spring.datasource.username=postgres
spring.datasource.password=postgres
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
spring.datasource.driver-class-name=org.postgresql.Driver
# ddl-auto=update lets Hibernate alter the schema at startup to match the entities.
spring.jpa.hibernate.ddl-auto=update

# Application properties
# https://passwordsgenerator.net/
# NOTE(review): app.jwtSecret is the JWT signing key; anyone who can read it can mint tokens
# the application will accept. The value below is a 16-character string repeated six times,
# so it is no stronger than those 16 characters, and a key produced by a website or pasted
# into a public post should be treated as disclosed. Generate the key locally with a CSPRNG
# and inject it at deploy time instead of committing it.
app.jwtSecret=pXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDepXpYPZ8d8FQv7UDe
# 86400000 ms = 24 hours of token lifetime.
app.jwtExpirationMs=86400000

# swagger-ui custom path. Run ok.
# http://localhost:8088/swagger-ui/index.html
springdoc.swagger-ui.path=/swagger-ui.html
springdoc.packagesToScan=com.example.controller, com.example.controllers

config

package com.example.security;

import com.example.security.jwt.AuthEntryPointJwt;
import com.example.security.jwt.AuthTokenFilter;
import com.example.security.services.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * Spring Security configuration for a stateless, JWT-authenticated REST API.
 *
 * <p>Registers the JWT filter, wires the user lookup and password encoder into the
 * authentication manager, and declares which URL patterns are reachable without a token.
 * {@code prePostEnabled = true} turns on {@code @PreAuthorize}/{@code @PostAuthorize}
 * method security; the {@code @Secured} and JSR-250 variants are left disabled.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        // securedEnabled = true,
        // jsr250Enabled = true,
        prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Loads user records for authentication; implementation not shown on this page.
    @Autowired
    UserDetailsServiceImpl userDetailsService;

    // Entry point invoked when an unauthenticated request reaches a protected URL.
    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;

    /**
     * Creates the filter that is placed in the security chain by {@link #configure(HttpSecurity)}.
     *
     * @return a new {@code AuthTokenFilter}
     */
    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }

    /**
     * Configures authentication to look users up through {@code userDetailsService} and to
     * verify passwords with the encoder from {@link #passwordEncoder()}.
     *
     * @param authenticationManagerBuilder builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes the adapter's {@code AuthenticationManager} as a bean so other components can inject it.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the parent class cannot build it
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Provides the password encoder used for verifying stored passwords.
     *
     * @return a BCrypt encoder with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    // If the id sent in the request != the tenant id stored for that user in the database,
    // the request must not be allowed to proceed.
    // NOTE(review): nothing in this method enforces that tenant check; the CustomFilter line
    // at the end of the method is commented out.
    /**
     * Defines the HTTP security rules: CORS on, CSRF protection off, no HTTP session,
     * {@code unauthorizedHandler} for unauthenticated access, and the URL authorization rules.
     *
     * <p>Only {@code /api/auth/**}, {@code /swagger-ui/**} and {@code /api/test/**} are open.
     * Every other path falls through to {@code anyRequest().authenticated()}, which includes
     * springdoc's {@code /v3/api-docs} endpoints that the Swagger UI page requests.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): disabling CSRF is only safe if the JWT travels in a request header and
        // not in a cookie; AuthTokenFilter is not shown, so confirm.
        // NOTE(review): /api/test/** is open at the URL level; any protection for those
        // endpoints would have to come from method-level annotations - verify on the controllers.
        http.cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers("/api/auth/**", "/swagger-ui/**").permitAll()

                .antMatchers("/api/test/**").permitAll()
                .anyRequest().authenticated();
        // The JWT filter runs ahead of the username/password filter position in the chain.
        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        //;

       // .addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class); // VyDN 2022_07_22 // https://www.baeldung.com/spring-security-custom-filter
    }

}

// Add filter before, after: https://stackoverflow.com/a/59000469

log

"C:Program FilesJavajdk-18.0.1.1binjava.exe" -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:60285,suspend=y,server=n -XX:TieredStopAtLevel=1 -noverify -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true -javaagent:C:UsersdonhuAppDataLocalJetBrainsIntelliJIdea2022.1captureAgentdebugger-agent.jar -Dfile.encoding=UTF-8 -classpath "D:githubspring-jwttargetclasses;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-data-jpa2.7.1spring-boot-starter-data-jpa-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-aop2.7.1spring-boot-starter-aop-2.7.1.jar;C:Usersdonhu.m2repositoryorgaspectjaspectjweaver1.9.7aspectjweaver-1.9.7.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-jdbc2.7.1spring-boot-starter-jdbc-2.7.1.jar;C:Usersdonhu.m2repositorycomzaxxerHikariCP4.0.3HikariCP-4.0.3.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-jdbc5.3.21spring-jdbc-5.3.21.jar;C:Usersdonhu.m2repositoryjakartatransactionjakarta.transaction-api1.3.3jakarta.transaction-api-1.3.3.jar;C:Usersdonhu.m2repositoryjakartapersistencejakarta.persistence-api2.2.3jakarta.persistence-api-2.2.3.jar;C:Usersdonhu.m2repositoryorghibernatehibernate-core5.6.9.Finalhibernate-core-5.6.9.Final.jar;C:Usersdonhu.m2repositoryorgjbossloggingjboss-logging3.4.3.Finaljboss-logging-3.4.3.Final.jar;C:Usersdonhu.m2repositorynetbytebuddybyte-buddy1.12.11byte-buddy-1.12.11.jar;C:Usersdonhu.m2repositoryantlrantlr2.7.7antlr-2.7.7.jar;C:Usersdonhu.m2repositoryorgjbossjandex2.4.2.Finaljandex-2.4.2.Final.jar;C:Usersdonhu.m2repositorycomfasterxmlclassmate1.5.1classmate-1.5.1.jar;C:Usersdonhu.m2repositoryorghibernatecommonhibernate-commons-annotations5.1.2.Finalhibernate-commons-annotations-5.1.2.Final.jar;C:Usersdonhu.m2repositoryorgglassfishjaxbjaxb-runtime2.3.6jaxb-runtime-2.3.6.jar;C:Usersdonhu.m2repositoryorgglassfishjaxbtxw22.3.6txw2-2.3.6.jar;C:
Usersdonhu.m2repositorycomsunistackistack-commons-runtime3.0.12istack-commons-runtime-3.0.12.jar;C:Usersdonhu.m2repositorycomsunactivationjakarta.activation1.2.2jakarta.activation-1.2.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkdataspring-data-jpa2.7.1spring-data-jpa-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkdataspring-data-commons2.7.1spring-data-commons-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-orm5.3.21spring-orm-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-context5.3.21spring-context-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-tx5.3.21spring-tx-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-beans5.3.21spring-beans-5.3.21.jar;C:Usersdonhu.m2repositoryorgslf4jslf4j-api1.7.36slf4j-api-1.7.36.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-aspects5.3.21spring-aspects-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-security2.7.1spring-boot-starter-security-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter2.7.1spring-boot-starter-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot2.7.1spring-boot-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-autoconfigure2.7.1spring-boot-autoconfigure-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-logging2.7.1spring-boot-starter-logging-2.7.1.jar;C:Usersdonhu.m2repositorychqoslogbacklogback-classic1.2.11logback-classic-1.2.11.jar;C:Usersdonhu.m2repositorychqoslogbacklogback-core1.2.11logback-core-1.2.11.jar;C:Usersdonhu.m2repositoryorgapachelogginglog4jlog4j-to-slf4j2.17.2log4j-to-slf4j-2.17.2.jar;C:Usersdonhu.m2repositoryorgapachelogginglog4jlog4j-api2.17.2log4j-api-2.17.2.jar;C:Usersdonhu.m2repositoryorgslf4jjul-to-slf4j1.7.36jul-to-slf4j-1.7.36.jar;C:Usersdonhu.m2repositoryjakartaannotationjakarta.annotation-api1.3.5jakarta.annotation-api-1.3.5.jar;C:Usersdonhu.m2repositoryorgyamlsnakeyaml1.30snakeyaml-1.30.jar;C:Usersdon
hu.m2repositoryorgspringframeworkspring-aop5.3.21spring-aop-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-config5.7.2spring-security-config-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-web5.7.2spring-security-web-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-expression5.3.21spring-expression-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-validation2.7.1spring-boot-starter-validation-2.7.1.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-el9.0.64tomcat-embed-el-9.0.64.jar;C:Usersdonhu.m2repositoryorghibernatevalidatorhibernate-validator6.2.3.Finalhibernate-validator-6.2.3.Final.jar;C:Usersdonhu.m2repositoryjakartavalidationjakarta.validation-api2.0.2jakarta.validation-api-2.0.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-web2.7.1spring-boot-starter-web-2.7.1.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-json2.7.1spring-boot-starter-json-2.7.1.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-jdk82.13.3jackson-datatype-jdk8-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-jsr3102.13.3jackson-datatype-jsr310-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksonmodulejackson-module-parameter-names2.13.3jackson-module-parameter-names-2.13.3.jar;C:Usersdonhu.m2repositoryorgspringframeworkbootspring-boot-starter-tomcat2.7.1spring-boot-starter-tomcat-2.7.1.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-core9.0.64tomcat-embed-core-9.0.64.jar;C:Usersdonhu.m2repositoryorgapachetomcatembedtomcat-embed-websocket9.0.64tomcat-embed-websocket-9.0.64.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-web5.3.21spring-web-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-webmvc5.3.21spring-webmvc-5.3.21.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-api.11.5jjwt-api-0.11.5.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-impl.11.5
jjwt-impl-0.11.5.jar;C:Usersdonhu.m2repositoryiojsonwebtokenjjwt-jackson.11.5jjwt-jackson-0.11.5.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-databind2.13.3jackson-databind-2.13.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-annotations2.13.3jackson-annotations-2.13.3.jar;C:Usersdonhu.m2repositoryjakartaxmlbindjakarta.xml.bind-api4.0.0jakarta.xml.bind-api-4.0.0.jar;C:Usersdonhu.m2repositoryjakartaactivationjakarta.activation-api1.2.2jakarta.activation-api-1.2.2.jar;C:Usersdonhu.m2repositoryjavaxxmlbindjaxb-api2.3.1jaxb-api-2.3.1.jar;C:Usersdonhu.m2repositoryjavaxactivationjavax.activation-api1.2.0javax.activation-api-1.2.0.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondatatypejackson-datatype-hibernate52.13.3jackson-datatype-hibernate5-2.13.3.jar;C:Usersdonhu.m2repositoryjavaxtransactionjavax.transaction-api1.3javax.transaction-api-1.3.jar;C:Usersdonhu.m2repositorycomfasterxmljacksoncorejackson-core2.13.3jackson-core-2.13.3.jar;C:Usersdonhu.m2repositoryorgpostgresqlpostgresql42.3.6postgresql-42.3.6.jar;C:Usersdonhu.m2repositoryorgcheckerframeworkchecker-qual3.5.0checker-qual-3.5.0.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-ui1.6.9springdoc-openapi-ui-1.6.9.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-webmvc-core1.6.9springdoc-openapi-webmvc-core-1.6.9.jar;C:Usersdonhu.m2repositoryorgwebjarsswagger-ui4.11.1swagger-ui-4.11.1.jar;C:Usersdonhu.m2repositoryorgwebjarswebjars-locator-core.50webjars-locator-core-0.50.jar;C:Usersdonhu.m2repositoryiogithubclassgraphclassgraph4.8.147classgraph-4.8.147.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-security1.6.9springdoc-openapi-security-1.6.9.jar;C:Usersdonhu.m2repositoryorgspringdocspringdoc-openapi-common1.6.9springdoc-openapi-common-1.6.9.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-core2.2.0swagger-core-2.2.0.jar;C:Usersdonhu.m2repositoryorgapachecommonscommons-lang33.12.0commons-lang3-3.12.0.jar;C:Usersdonhu.m2repositorycomfasterxmljacksondat
aformatjackson-dataformat-yaml2.13.3jackson-dataformat-yaml-2.13.3.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-annotations2.2.0swagger-annotations-2.2.0.jar;C:Usersdonhu.m2repositoryioswaggercorev3swagger-models2.2.0swagger-models-2.2.0.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-core5.7.2spring-security-core-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworksecurityspring-security-crypto5.7.2spring-security-crypto-5.7.2.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-core5.3.21spring-core-5.3.21.jar;C:Usersdonhu.m2repositoryorgspringframeworkspring-jcl5.3.21spring-jcl-5.3.21.jar;D:Program FilesJetBrainsIntelliJ IDEA 2022.1.2libidea_rt.jar" com.example.SpringApplication
Java HotSpot(TM) 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.
Connected to the target VM, address: '127.0.0.1:60285', transport: 'socket'

  .   ____          _            __ _ _
 /\ / ___'_ __ _ _(_)_ __  __ _    
( ( )___ | '_ | '_| | '_ / _` |    
 \/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |___, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.7.1)

2022-07-21 21:40:02.090  INFO 16836 --- [           main] com.example.SpringApplication            : Starting SpringApplication using Java 18.0.1.1 on vypc with PID 16836 (D:githubspring-jwttargetclasses started by donhu in D:githubspring-jwt)
2022-07-21 21:40:02.092  INFO 16836 --- [           main] com.example.SpringApplication            : No active profile set, falling back to 1 default profile: "default"
2022-07-21 21:40:02.679  INFO 16836 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2022-07-21 21:40:02.730  INFO 16836 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 46 ms. Found 3 JPA repository interfaces.
2022-07-21 21:40:03.058  INFO 16836 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8088 (http)
2022-07-21 21:40:03.064  INFO 16836 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2022-07-21 21:40:03.064  INFO 16836 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.64]
2022-07-21 21:40:03.147  INFO 16836 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2022-07-21 21:40:03.147  INFO 16836 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1028 ms
2022-07-21 21:40:03.247  WARN 16836 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2022-07-21 21:40:03.313  INFO 16836 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2022-07-21 21:40:03.341  INFO 16836 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.6.9.Final
2022-07-21 21:40:03.424  INFO 16836 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2022-07-21 21:40:03.515  INFO 16836 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2022-07-21 21:40:03.580  INFO 16836 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2022-07-21 21:40:03.592  INFO 16836 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.PostgreSQLDialect
2022-07-21 21:40:07.485  INFO 16836 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2022-07-21 21:40:07.492  INFO 16836 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2022-07-21 21:40:08.165  INFO 16836 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@72ad1402, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@621ae2e7, org.springframework.security.web.context.SecurityContextPersistenceFilter@3cef755e, org.springframework.security.web.header.HeaderWriterFilter@21275d4a, org.springframework.web.filter.CorsFilter@683eef1e, org.springframework.security.web.authentication.logout.LogoutFilter@16e578fc, com.example.security.jwt.AuthTokenFilter@3346245e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7a1768bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@65e62ae8, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@525284af, org.springframework.security.web.session.SessionManagementFilter@70cbce67, org.springframework.security.web.access.ExceptionTranslationFilter@1addcf78, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@3c87f534]
2022-07-21 21:40:08.371  INFO 16836 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8088 (http) with context path ''
2022-07-21 21:40:08.380  INFO 16836 --- [           main] com.example.SpringApplication            : Started SpringApplication in 6.518 seconds (JVM running for 7.082)
2022-07-21 21:40:09.834  INFO 16836 --- [nio-8088-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-07-21 21:40:09.834  INFO 16836 --- [nio-8088-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2022-07-21 21:40:09.835  INFO 16836 --- [nio-8088-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2022-07-21 21:40:10.000 ERROR 16836 --- [nio-8088-exec-7] c.e.security.jwt.AuthEntryPointJwt       : Unauthorized error: Full authentication is required to access this resource

enter image description here

Go to URL http://localhost:8088/swagger-ui/index.html

enter image description here

How to fix it?


Answer

Your configuration is mostly correct. The Swagger page itself loads properly, but its AJAX calls to retrieve the Swagger config and the api-docs fail because those URLs are still protected by Spring Security.

Look at your dev tools and watch the network traffic; you’ll probably see a couple of requests like this:

/v3/api-docs or /v3/api-docs/swagger-config

So, adding /v3/api-docs/** to your included permitAll() should do the trick.

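// "/v3/api-docs/**" covers both /v3/api-docs and /v3/api-docs/swagger-config, the requests the Swagger UI page makes;
// the exact path "/v3/api-docs" alone would leave the swagger-config request behind authentication.
// Opening these paths publishes the full API description to unauthenticated callers, so limit it to
// environments where that is intended.
.authorizeRequests().antMatchers("/api/auth/**", "/swagger-ui/**", "/v3/api-docs/**").permitAll()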
User contributions licensed under: CC BY-SA